<?php
require_once 'Wmp/Acl/Assertion.php';
class Wmp_Acl_Acl extends Zend_Acl
{
    private $_noAuth;
    private $_noAcl;
    private $_superadminRole;
    
    public function __construct()
    {
        $config = Zend_Registry::get('config');
        $this->_superadminRole = $config->superadmin->name;
              
        $this->_addRoles();
        $this->_addRessources(); 
        $this->_initPrivileges(); 
        
        $this->_loadRedirectionActions($config->acl);
    }
    
    public function setNoAuthAction($noAuth)
    {
        $this->_noAuth = $noAuth;
    }
    
    public function setNoAclAction($noAcl)
    {
        $this->_noAcl = $noAcl;
    }
    public function getNoAuthAction()
    {
        return $this->_noAuth;
    }
    
    public function getNoAclAction()
    {
        return $this->_noAcl;
    }
    
    protected function _initPrivileges()
    {
    	//fixer toutes les opérations allow, deny ici pour chaque role    	
    	//$this->deny('guest', 'default:index', 'test2'); 
    	//$this->deny('guest', 'admin:system-access', 'manage-acl');    
    	$select  = "	SELECT	concat(actions.module,':',actions.controller) as ressource,
    							actions.action, rights.role, rights.privilege    							 
    					FROM	aclrights rights, actionparams actions
    					WHERE	rights.actionid  = actions.id";
    	$privileges = zend_registry::get('db')->fetchAll($select);
    	
    	foreach($privileges as $privilege){
    		if( $privilege['privilege'] =="allow") {   			
    			$this->allow($privilege['role'], $privilege['ressource'], $privilege['action']);
    			
    		}
    		else if( $privilege['privilege'] =="deny")  {  			
    			//zend_debug::dump($privilege); exit;
    			$this->deny($privilege['role'], $privilege['ressource'], $privilege['action']);
    		}
    		//echo $privilege['ressource'].', '.$privilege['action'].', '.$privilege['privilege'].'<br>';
    	}
    	//exit;
    	//pour tout permettre à l'administrator
        $this->allow($this->_superadminRole);
    }
    
    protected function _addRessources()
    {
    	$config = Zend_Registry::get('config'); 
        
    	$ressources = new Wmp_Model_ActionparamsTable();
    	$ressources = $ressources->getRessources();
    	
    	foreach($ressources as $ressource){
    		$this->add(new Zend_Acl_Resource($ressource['ressource']));
    	}
    }
    
    protected function _addRoles()
    {
    	$roles = new Wmp_Model_AclRolesTable();//DOC:chargement des roles dynamiquement
    	$roles = $roles->fetchAll();
    	foreach ($roles as $role) {
        	
            if (!$this->hasRole($role->name)) {
                if (empty($role->parents)) {
                    $parents = null;
                } else {
                    $parents = explode(',', $role->parents);
                }
                //INFO:ajout des rôles avec héritage
                $this->addRole(new Zend_Acl_Role($role->name), $parents);
            }
        }
        if (!$this->hasRole($this->_superadminRole)) 
        $this->addRole(new Zend_Acl_Role($this->_superadminRole));
    }
    
    protected function _loadRedirectionActions($aclConfig)
    {               
		$userdata = new Zend_Session_Namespace('userdata');
		
		//OPTIMIZEME : corriger cet url
        $loginProcess = stripos($url, '/member/login');
        if(!$loginProcess) {
        	//FIXME : test si le controlleur n'est pas error, et module = default
        	//avant d'ajouter url        	
        	$userdata->lastVisitedUrl = Wmp_Lib::curPageURL();        	 
        }
        
    	$this->_noAuth = array('module' => 'member',
            'controller' => 'login',
            'action' => 'index');
    
        $this->_noAcl = array('module' => 'error',
            'controller' => 'show',
            'action' => 'denied');
    }
    
    /*protected function setErrorPage($action, $controller = 'error', $module = 'default')
    {
    	
    }*/
}
